{0,SSL_TXT_HIGH,0, 0,0,0,0,0,SSL_HIGH, 0,0,0},
/* FIPS 140-2 approved ciphersuite */
{0,SSL_TXT_FIPS,0, 0,0,~SSL_eNULL,0,0,SSL_FIPS, 0,0,0},
+
+ /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
+ {0,SSL3_TXT_EDH_DSS_DES_40_CBC_SHA,0,
+ SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
+ {0,SSL3_TXT_EDH_DSS_DES_64_CBC_SHA,0,
+ SSL_kDHE,SSL_aDSS,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
+ {0,SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA,0,
+ SSL_kDHE,SSL_aDSS,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
+ {0,SSL3_TXT_EDH_RSA_DES_40_CBC_SHA,0,
+ SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_EXPORT|SSL_EXP40,0,0,0,},
+ {0,SSL3_TXT_EDH_RSA_DES_64_CBC_SHA,0,
+ SSL_kDHE,SSL_aRSA,SSL_DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_LOW,0,0,0,},
+ {0,SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,0,
+ SSL_kDHE,SSL_aRSA,SSL_3DES,SSL_SHA1,SSL_SSLV3,SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,0,0,0,},
+
};
/* Search for public key algorithm with given name and
* return its pkey_id if it is available. Otherwise return 0
static int ssl_cipher_process_rulestr(const char *rule_str,
CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p,
- const SSL_CIPHER **ca_list)
+ const SSL_CIPHER **ca_list, CERT *c)
{
unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl, algo_strength;
const char *l, *buf;
while ( ((ch >= 'A') && (ch <= 'Z')) ||
((ch >= '0') && (ch <= '9')) ||
((ch >= 'a') && (ch <= 'z')) ||
- (ch == '-') || (ch == '.'))
+ (ch == '-') || (ch == '.') ||
+ (ch == '='))
#else
- while ( isalnum(ch) || (ch == '-') || (ch == '.'))
+ while ( isalnum(ch) || (ch == '-') || (ch == '.') ||
+ (ch == '='))
#endif
{
ch = *(++l);
if ((buflen == 8) &&
!strncmp(buf, "STRENGTH", 8))
ok = ssl_cipher_strength_sort(head_p, tail_p);
+ else if (buflen == 10 && !strncmp(buf, "SECLEVEL=", 9))
+ {
+ int level = buf[9] - '0';
+ if (level < 0 || level > 5)
+ {
+ SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+ SSL_R_INVALID_COMMAND);
+ }
+ else
+ {
+ c->sec_level = level;
+ ok = 1;
+ }
+ }
else
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
SSL_R_INVALID_COMMAND);
}
#endif
-
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
STACK_OF(SSL_CIPHER) **cipher_list,
STACK_OF(SSL_CIPHER) **cipher_list_by_id,
if (strncmp(rule_str,"DEFAULT",7) == 0)
{
ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
- &head, &tail, ca_list);
+ &head, &tail, ca_list, c);
rule_p += 7;
if (*rule_p == ':')
rule_p++;
}
if (ok && (strlen(rule_p) > 0))
- ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list);
+ ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
OPENSSL_free((void *)ca_list); /* Not needed anymore */
return(ssl_comp_methods);
}
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP) *meths)
+ {
+ STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+ ssl_comp_methods = meths;
+ return old_meths;
+ }
+
+static void cmeth_free(SSL_COMP *cm)
+ {
+ OPENSSL_free(cm);
+ }
+
+void SSL_COMP_free_compression_methods(void)
+ {
+ STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+ ssl_comp_methods = NULL;
+ sk_SSL_COMP_pop_free(old_meths, cmeth_free);
+ }
+
int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
{
SSL_COMP *comp;
projects / openssl.git / blobdiff